Functional Privacy or Why Cookies Are Better with Milk

The price of Internet services is user information, and many pay it without hesitation. While myriad privacy tools exist that thwart the detailed compilation of information about user habits, these tools often assume that reduced functionality is always justified by increased privacy. In contrast, we propose the adoption of functional privacy as a guiding principle in the development of new privacy tools. Functional privacy has the overarching goal of maintaining all functionality while improving privacy as much as practically possible — rather than forcing users to make decisions about tradeoffs that they may not fully understand. As a concrete example of a functional privacy approach, we implemented Milk, a Google Chrome extension that automatically rewrites HTTP cookies to strictly bind them to the first-party domains from which they were set. We also identify existing privacypreserving tools that we believe embody the principle of functional privacy and discuss the limitations of others.